summaryrefslogtreecommitdiff
path: root/jstests/auth/deleted_recreated_user.js
blob: 704710107c020d6615a0445057aea75bd84ac9b5 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

// Test that sessions can not be resumed by deleted and recreated user.

(function() {
'use strict';

const kInvalidationIntervalSecs = 5;

function runTest(s0, s1) {
    assert(s0);
    assert(s1);
    const admin = s0.getDB('admin');

    function checkIdType(username) {
        const user = admin.system.users.find({user: username, db: 'admin'}).toArray()[0];
        const id = user._id;
        const userId = user.userId;
        assert.eq(typeof (id), 'string');
        assert.eq(id, 'admin.' + username);
        assert.eq(typeof (userId), 'object');
        assert.eq(tojson(userId).substring(0, 5), 'UUID(');
    }

    admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles});
    assert(admin.auth('admin', 'pass'));
    checkIdType('admin');

    admin.createUser({user: 'user', pwd: 'pass', roles: jsTest.basicUserRoles});
    checkIdType('user');
    admin.logout();

    // Connect as basic user and create a session.
    assert(admin.auth('user', 'pass'));
    assert.writeOK(admin.mycoll.insert({_id: "foo", data: "bar"}));

    // Perform administrative commands via separate shell.
    function evalCmd(cmd) {
        const uri = 'mongodb://admin:pass@localhost:' + s1.port + '/admin';
        const result = runMongoProgram('./mongo', uri, '--eval', cmd);
        assert.eq(result, 0, "Command failed");
    }
    evalCmd('db.dropUser("user"); ');
    evalCmd('db.createUser({user: "user", pwd: "secret", roles: ["root"]});');

    if (s0 !== s1) {
        // Wait for twice the invalidation interval when sharding.
        sleep(2 * kInvalidationIntervalSecs * 1000);
    }

    // This should fail due to invalid user session.
    const thrown =
        assert.throws(() => admin.mycoll.find({}).toArray(), [], "Able to find after recreate");
    assert.eq(thrown.code, ErrorCodes.Unauthorized, "Threw something other than unauthorized");
}

const mongod = MongoRunner.runMongod({auth: ''});
runTest(mongod, mongod);
MongoRunner.stopMongod(mongod);

// TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed.
const st = new ShardingTest({
    shards: 1,
    mongos: 2,
    config: 1,
    other: {
        keyFile: 'jstests/libs/key1',
        shardAsReplicaSet: false,
        mongosOptions: {
            setParameter: 'userCacheInvalidationIntervalSecs=' + kInvalidationIntervalSecs,
        },
    },
});
runTest(st.s0, st.s1);
st.stop();
})();
View Lorry Controller Status